Welcome to bulk_extractor!

Downloads and Websites
----------------------

  * [Current Release](http://digitalcorpora.org/downloads/bulk_extractor/bulk_extractor-1.3.1.tar.gz)
  * [Download Archive](http://digitalcorpora.org/downloads/bulk_extractor/)
  * [Forensics Wiki Entry](http://www.forensicswiki.org/wiki/Bulk_extractor)


Downloading the Development Tree
--------------------------------

Download the sources with git:

  $ git clone --recursive https://github.com/simsong/bulk_extractor.git


Compiling Notes
---------------

bulk_extractor builds with the GNU auto tools.  The maintainer has
previously run automake and autoconf to produce the script
"configure".  This script *should* be able to compile bulk_extractor
for your platform. 

We recommend compiling bulk_extractor with -O3 and that is the
default. You can disable all optimization flags by specifying the
configure option --with-noopt.


Compiling for MacOS or Linux
----------------------------

From the downloaded source directory run bootstrap.sh, configure and make:

  $ cd bulk_extractor
  $ sh bootstrap.sh
  $ sh configure
  $ make
  $ sudo make install


Compiling for Windows
---------------------

There are three ways to compile for Windows:

  1. Cross-compiling from a Linux or Mac system with mingw.
  2. Compiling natively on Windows using mingw.
  3. Compiling natively on Windows using cygwin (untested)


Cross-compiling for Windows using Debian Testing (wheezy) or Ubuntu 12.04 LTS (with mingw):
------------------------------------------------------------------------------

You will need to install mingw-w64 and zlib-dev:

  $ sudo apt-get update
  $ sudo apt-get upgrade
  $ sudo apt-get -y install mingw-w64 

Next, download zlib from zlib.net

  $ ./configure --host=i686-w64-mingw32

This allows the cross-compiling of the 64-bit and the 32-bit
bulk_extractor.exe, although we do not recommend running the 32-bit
version.  Now you are ready to compile:

  $ git clone --recursive https://github.com/simsong/bulk_extractor.git
  $ cd bulk_extractor
  $ sh bootstrap.sh
  $ mingw64-configure


Cross-compiling for Windows using Fedora
----------------------------------------

Please see src_win/README for instructions on cross-compiling for Windows from Fedora
using automated scripts.

Set up mingw and the cross-compilation environment:

  $ sudo yum -y install mingw64-gcc-c++ mingw64-zlib-static mingw64-pthreads flex 
  $ sudo yum -y install autoconf automake  # not strictly needed, but necessary to build from SVN/GIT
  $ sudo yum -y install zlib-devel zlib-static
  * Run script CONFIGURE_F18.bash found in directory src_win/.
  * Run script CONFIGURE_LIBRARIES.sh found in directory src_win/ to install libewf and TRE.
  $ make win32
  $ make win64


Installing on a Linux/MacOS/Mingw system
----------------------------------------

  $ ./configure
  $ make
  $ sudo make install

The following directories will NOT be installed with the above commands:

    python/   - bulk_extractor python tools.
    	      	Copy them where you wish and run them directly. 
		These tools are experimental.

    plugins/  - This is for C/C++ developers only. You can develop your own
    	      	bulk_extractor plugins which will then be run at run-time
		if the .so or .dll files are in the same directory as
		the bulk_extractor executable.
	
This will install bulk_extractor in /usr/local/bin  (by default)

To get started and send an extract of image.raw to OUTPUT, use this command:

  $ /usr/local/bin/bulk_extractor -o OUTPUT image.raw

This will create a directory called OUTPUT that contains lots of files you should examine.


Additional packages used by bulk_extractor
------------------------------------------

The TRE or libgnurx regular expression library is required.  TRE is
preferred because experiments indicate that it is about 10X faster.

The libgnurx-static package is required.

The LIBEWF library is recommended for access to E01 files.

Packages may be installed by running the CONFIGURE_F17.sh script in src_win/.
The additional libraries may be installed by running the CONFIGURE_LIBRARIES.sh script in src_win/.


Dependencies
------------

Before compiling bulk_extractor for your platform, you may need to install
other packages on your system which bulk_extractor requires to compile cleanly.


* Installing Dependencies On Fedora:

On Fedora, this command should add the appropriate packages:

  $ sudo yum update
  $ sudo yum groupinstall development-tools
  $ sudo yum install flex
  $ sudo yum install zlib-devel

Note: the following specific packages may be loaded instead of
installing development-tools:
  git
  gcc
  gcc-c++
  autoconf
  automake
  libtool
  openssl-devel

If the Bulk Extractor Viewer is required, also install a Java JDK Version 6
or newer.

* Installing Dependencies On Debian and Ubuntu:

On Debian Testing (wheezy) and Ubuntu 12.04, this was sufficient:

  $ sudo apt-get -y install gcc g++ flex libewf-dev 


* Installing Dependencies On Mac:

We recommend installing Mac dependencies using the MacPorts system. Once that is installed, try:

  $ sudo port install flex autoconf automake libewf-devel

Note that port installs to /opt/local/bin, so file /etc/paths may need to be updated
to include /opt/local/bin.

Note that libewf-devel may not be available in ports.  If it is not, please download
libewf source, ./configure && make && sudo make install

TRE is faster than libgnurx, so we recommend to download the source then:

  ./configure
  make
  sudo make install

If you really need to read AFFLIB, you will also need to install openssldev.  Please
note that AFF is in the process of being deprecated.

================================================================
DEVELOPERS!

If you are developing with github, after a checkout, you may wish to do this:

for i in dfxml be13_api  ; do echo $i ; (cd $i && git remote rm origin && git add origin [email protected]:simsong/$i.git && git checkout master ) ; done